Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Assume Compromise and Protect Your Endpoints: SANS 2nd Survey on Endpoint Security

  • Wednesday, May 06, 2015 at 1:00 PM EDT (2015-05-06 17:00:00 UTC)
  • Roger Angarita, Jake Williams


  • Guidance Software

You can now attend the webcast using your mobile device!



Almost 50% of organizations are operating under the assumption they've been compromised, while 21% acknowledge that their edge security is not catching more than 30% of their breaches, according to the SANS 2014 Endpoint Security Survey.In it, more than 900 respondents indicated that their endpoint remediation was mostly manual, and that they lacked visibility into their endpoints.

Through this second survey, SANS hopes to build better consensus around best practices for managing and integrating endpoint security to reduce risk and respond faster to endpoint-related events.

Attend this webcast to learn:

  • What types of attacks organizations are experiencing
  • What type of endpoint targets are most of interest to attackers
  • How to improve endpoint visibility and response
  • How organizations prioritize and manage risk related to their endpoints
  • What challenges are associated with recovering from an incident
  • Where improvements in automation have been made, and whether or not those improvements help with visibility

Be among the first to receive the associated whitepaper written by Jake Williams.

View the associated whitepaper.

Speaker Bios

Jake Williams

Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles.

Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client.

Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges.

Additionally, Jake performs exploit development and has privately disclosed a multitude of zero day exploits to vendors and clients. Why perform exploit development? It's because metasploit != true penetration testing. He found vulnerabilities in one of the state counterparts to and recently exploited antivirus software to perform privilege escalation.

Jake has spoken at Blackhat, Shmoocon, CEIC, B-Sides, DC3, as well as numerous SANS Summits and government conferences. He is also a two-time victor at the annual DC3 Digital Forensics Challenge. Jake used this experience with, and love of, CTF events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses. Jake also speaks at private engagements and has presented security topics to a number of Fortune 100 executives.

Jake developed Dropsmack, a pentesting tool (okay, malware) that performs command and control and data exfiltration over cloud file sharing services. Jake also developed an anti-forensics tool for memory forensics, Attention Deficit Disorder (ADD). This tool demonstrated weaknesses in memory forensics techniques.

Roger Angarita

Roger Angarita is the Director, Product Management for Guidance Software, responsible for defining the product vision and roadmap. He oversees product planning and execution throughout the product lifecycle for the company's EnCase® security, e-discovery and forensic product lines. Roger is also credited with co-inventing Linked Review™, a patent pending technology that is the basis for the new EnCase® 8 product suite. Prior to joining Guidance Software, he was a practicing attorney at Latham Watkins focused on corporate litigation, corporate transactional law, licensing and intellectual property. Roger also founded two app companies where he developed more than ten iPhone and iPad apps for the educational and sports markets.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.